diff options
| author | Dmitry Vyukov <dvyukov@google.com> | 2022-06-20 10:08:26 +0200 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2022-06-20 13:24:54 +0200 |
| commit | 6247d1c3f73bab8fccd7b0d608d1a0aaf07fecdb (patch) | |
| tree | 95aeda791ee771511358831e9a5d49e8f375f67b /sys/linux/test/ping | |
| parent | 8f633d840e3eb6454f036e9da3285bcf27345616 (diff) | |
executor: fix enabling of ICMP/ping sockets
net/ipv4/ping_group_range sysctl grants access to ICMP sockets
to the specified user groups. But it needs to be set inside
of the net namespace (it's per-namespace).
We were setting it but in the init namespace only (which we don't use).
Set it after CLONE_NEWNET. This repairs testing of ICMP sockets.
Note: don't set it for setuid sandbox since it's "low privilege".
Diffstat (limited to 'sys/linux/test/ping')
| -rw-r--r-- | sys/linux/test/ping | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/linux/test/ping b/sys/linux/test/ping new file mode 100644 index 000000000..631bd958e --- /dev/null +++ b/sys/linux/test/ping @@ -0,0 +1,2 @@ +r0 = socket$inet_icmp(AUTO, AUTO, AUTO) +close(r0) |